3 matches found
PT-2019-14908 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8
Description: The issue concerns the use of an unsanitized query string variable in the contact import.php file, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential...
PT-2019-14905 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8
Description: The issue concerns an unsanitized filename variable in the recording play.php file, which is base64 decoded and reflected in HTML. This leads to a potential XSS issue.
Recommendations: For...
Input validation
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the usermigrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors...